DETAILED ACTION

1. This application has been examined.
Claims 1-20 are pending. 

Claim Rejections - 35 USC §112 

2. The rejections of claims 1, 18, and 20 under 35 USC §112 are
withdrawn with respect to failing to comply with the written description 
requirement. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

4. Claims 1-20 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Applicant's Admission of Prior Art (Pub. No. 2005/0114655 A1), hereinafter
AAPA, in view of Cheriton (USPN 7,149,216), hereinafter Cheriton, and further in 
view of Buia et al. (USPN 2004/0078683 A1), hereinafter Buia. 



Application/Control Number: 10/723,160

Art Unit: 2165 

a. Per claim 1, AAPA discloses a method of generating a
representation of an access control list (See pg. 1 paragraph [0003] where 
routers or switches typically utilize ACLs.), the representation being utilizable 
in a processor (See pg. 1 paragraph [0004] where network processors are 
used.), the method comprising the steps of: 

determining a plurality of rules of the access control list, each of at least a 
subset of the rules having a plurality of fields and a corresponding action (See 
page 1 paragraph [0003] where an ACL generally comprises a set of rules, 
the rules having fields and corresponding actions.). 

AAPA does not explicitly disclose processing the rules to generate a multi- 
level tree representation of the access control list, each of one or more of the 
levels of the tree representation being associated with a corresponding one of 
the fields; and wherein at least one level of the tree representation comprises a 
plurality of nodes. 

However, Cheriton discloses the ACL having rules compiled into an ACL- 
M-trie Plus data structure having multiple levels, and each level having a
plurality of nodes being associated with fields, the fields included source and 
destination addresses (See col. 2 lines 15-18 and 35-37, and col. 4 lines 5-9 
where M-trie Plus data structure is a multi-level tree.). 

At the time of the invention, it would have been obvious to a person of 
ordinary skill in the art of generating Access Control Lists (ACLs) (AAPA) to 
generate a multi-level tree representation of the access control list as taught by 
Cheriton. The motivation would have been to provide a faster way of traversing 
the ACL due to earlier methods being relatively slow (See col. 1 lines 39-46 of
Cheriton.). 

AAPA in view of Cheriton does not explicitly disclose that with two or more
of the nodes of a level having a common subtree, the tree representation 
including only a single copy of that subtree; the subtree comprising at least one 
node that is not a leaf node of the tree representation; the tree representation 
being characterizable as a directed graph in which each of the two nodes having 
the common subtree points to the single copy of the common subtree. 

However, Buia discloses two or more of the nodes of a level of a tree in a 
directed graph representation having a common subtree pointing to a single copy 
of the common subtree comprising at least one node that is not a leaf node of the 
tree (See Fig. 7B where two nodes 'FAULT A' and 'FAULT F' have common 
subtree at node 'FAULT C' where node 'FAULT C' of the common subtree is
not a leaf node and the subtree is the only copy in the tree representation. 
The tree representation is characterized as a directed graph.). 

At the time of the invention, it would have been obvious to a person of 
ordinary skill in the art of generating Access Control Lists (ACLs) in a multi-level 
tree representation (as AAPA, Cheriton, and Buia) to have two or more of the
nodes of a level of the tree in a directed graph representation having a common 
subtree pointing to a single copy of the common subtree as taught by Buia. The 
motivation would have been to optimize efficiency and productivity by creating an 
ACL tree representation that handles identical tree portions or subtrees by 
sharing subtrees (as seen on pg. 3 paragraph [0025] and pg. 9 paragraph
[0101] of Buia.). 

b. Per claim 2, AAPA discloses wherein the common subtree is 
implemented at least in part as a matching table (AAPA See pg. 1 paragraph 
[0009] where ACL rules are stored in table format. Also see [0003] where 
ACL typically imply an ordered matching or ordered list of AAPA.). 

c. Per claim 3, Cheriton discloses wherein the plurality of fields 
comprises at least first and second fields, the first field comprising a source 
address field and the second field comprising a destination address field (See 
pg. 1 paragraph [0003] where fields define source and destination 
addresses of Cheriton.). 

d. Per claim 4, Cheriton discloses wherein a final level of the tree 
representation comprises a plurality of leaf nodes, each associated with one of 
the actions of the plurality of rules (See col. 2 lines 35-42, col. 3 lines 53-63, 
and col. 4 lines 5-9 of Cheriton where second level of nodes of the 
addresses is associated with routing rules.). 

e. Per claim 5, Cheriton discloses wherein the at least one level of 
the tree representation comprises a root level of the tree representation (See col. 
4 lines 1-4 of Cheriton where tree, including roots; i.e. root level.).

f. Per claim 6, Buia discloses wherein a second level of the tree representation
includes a plurality of nodes, each being associated with a subtree of a given one 
of the plurality of nodes of the root level of the tree representation (See Figs. 7B 
and Fig. 8 where tree representation may include plurality of root level 
nodes as in 7B and a second level with a plurality of nodes from a root 
level.).

g. Per claim 7, Cheriton discloses wherein for each level of the tree 
representation that corresponds to a field of a rule of the access control list (See 
Cheriton col. 4 lines 35-41 where first and second levels corresponding to 
fields including source and destination address.), a master list of nodes is 
maintained, each node comprising at least one of information characterizing one 
or more field values associated with that node (See Cheriton col. 3 lines 53-67 
where extended ACL List is master list), one or more subtree pointers for that 
node, and a reference count indicating how many ancestor nodes are pointing to 
that node (See Cheriton col. 3 lines 46-51 where oppointer includes pointers 
for a node and opcode; i.e. subtree pointers and a reference count.). 

h. Per claim 8, Cheriton discloses wherein the tree representation is 
generated by sequentially processing the rules of the access control list, the 
processing for a given rule comprising applying values of fields of the given rule 
to one or more existing nodes of the tree representation (See col. 1 lines 55-59
and col. 2 lines 15-19 of Cheriton for access control list processing.), and 
wherein when a particular value of a field of the given rule is applied to a given 
node (See col. 2 lines 35-43 where sequence of nodes have applied source 
and destination address values, see col. 4 lines 5-9.). 

Buia discloses a copy is made of the node, the field value is applied to the 
copied node, and the resultant updated node is added to the master list of the 
corresponding level (See pg. 8 paragraph [0099] Buia teaches creating copy 
of node.).

i. Per claim 9, Buia discloses wherein the updated node is
compared with other nodes of the master list and if a duplicate node is found, the 
copied node is deleted and a pointer to the duplicate node is provided to an 
ancestor node that points to the given node, a subtree pointer of the ancestor 
node is updated to the duplicate node pointer, a reference count of the duplicate 
node now pointed to by the ancestor node is incremented and a reference count 
of the given node previously pointed to by the ancestor node is decremented 
(See pg. 8 paragraph [0099] Buia teaches creating copy of node.). 

j. Per claim 10, Buia discloses the method of claim 9 wherein if a
duplicate node is found in the master list, that duplicate node is moved to an
initial position in the master list (See pg. 8 paragraph [0099] for copy node.).

k. Per claim 11, Cheriton discloses wherein for each node in the
master list (See Cheriton where master list is extended ACL list), a copy
pointer is maintained, and wherein when a copied node is compared to the 
master list and a duplicate node is found, the copied node is added as a copy to 
the master list for use in conjunction with the processing of a subsequent rule 
(See AAPA for ACL rules. See Buia pg. 8 paragraph [0099] for copy node.) 

l. Per claim 12, Cheriton and Buia disclose wherein for each node
in the master list (See Cheriton col. 3 lines 64-66 where extended ACL list is 
master list), a signature is maintained in order to facilitate node comparisons, a 
full comparison of node subtrees being performed only if a match is obtained 
between node signatures (See Buia Fig. 7B for common subtree node.). 

m. Per claim 13, Cheriton discloses wherein the signature for a given
node is generated as a function of at least one of a field value and a subtree 
pointer (See Cheriton col. 3 lines 46-51 for subtree pointer; i.e. oppointer 
and col. 4 lines 5-10 for field values; i.e. source and destination address.). 

n. Per claim 14, AAPA in view of Cheriton and Buia discloses wherein 
the corresponding actions include at least an accept action and a deny action 
(See rejection of claim 1 above where an accept or deny action is involved 
in routing the packets.).

o. Per claim 15, AAPA discloses the method of claim 1 further
including the step of storing at least a portion of the tree representation in 
memory circuitry accessible to the processor (See AAPA pg. 1 paragraph 
[0007] where memory is taught.). 

p. Per claim 16, AAPA and Cheriton disclose the method of claim 1
further including the step of utilizing the stored tree representation to perform an 
access control list based function in the processor (See AAPA pg. 1 paragraph 
[0004] for utilizing in the network processor, [0007] for memory, and 
Cheriton col. 2 lines 15-20 for stored tree structure.). 

q. Per claim 17, AAPA discloses the method of claim 16 wherein the 
access control list based function comprises packet filtering (See AAPA pg. 1 
paragraph [0004] where packet filtering is taught). 

r. Per claim 18, rejection of claim 1 is incorporated. Claim 18 is 
rejected under the same rationale as claim 1. AAPA in view of Cheriton and Buia
discloses an apparatus configured for performing one or more processing 
operations utilizing a representation of an access control list, the access control 
list comprising a plurality of rules, each of at least a subset of the rules having a 
plurality of fields and a corresponding action (See AAPA paragraph [0003] for 
ACL comprising rules having fields.), the apparatus comprising:

a processor having memory circuitry associated therewith (See AAPA pg.
1 paragraph [0004] for network processors and [0007] for memory 
circuitry.); 

the memory circuitry being configured for storing (See AAPA pg. 1 [0007] 
for memory circuitry) at least a portion of a multi-level tree representation of the 
access control list, each of one or more of the levels of the tree representation 
being associated with a corresponding one of the fields (See Cheriton cols. 2 
lines 35-44 for levels of multi-level tree representation of ACL.); 

the processor being operative to utilize the stored tree representation to 
perform an access control list based function (See AAPA pg. 1 paragraph 
[0004] for network processors in view of Cheriton cols. 2 lines 35-44 for 
tree representation to perform ACL function.) 

wherein at least one level of the tree representation comprises a plurality 
of nodes (See col. 2 lines 15-18 and 35-37, and col. 4 lines 5-9 of Cheriton 
where M-trie Plus data structure is a multi-level tree.), 

AAPA in view of Cheriton does not explicitly disclose that with two or more
of the nodes of a level having a common subtree, the tree representation 
including only a single copy of that subtree; the subtree comprising at least one 
node that is not a leaf node of the tree representation; the tree representation 
being characterizable as a directed graph in which each of the two nodes having 
the common subtree points to the single copy of the common subtree. 

However, Buia discloses two or more of the nodes of a level of a tree in a 
directed graph representation having a common subtree pointing to a single copy 
of the common subtree comprising at least one node that is not a leaf node of the
tree (See Fig. 7B where two nodes 'FAULT A' and 'FAULT F' have common 
subtree at node 'FAULT C' where node 'FAULT C' of the common subtree is
not a leaf node and the subtree is the only copy in the tree representation. 
The tree representation is characterized as a directed graph.). 

At the time of the invention, it would have been obvious to a person of 
ordinary skill in the art of generating Access Control Lists (ACLs) in a multi-level 
tree representation (as AAPA, Cheriton, and Buia) to have two or more of the
nodes of a level of the tree in a directed graph representation having a common 
subtree pointing to a single copy of the common subtree as taught by Buia. The 
motivation would have been to optimize efficiency and productivity by creating an
ACL tree representation that handles identical tree portions or subtrees by 
sharing subtrees (as seen on pg. 3 paragraph [0025] and pg. 9 paragraph 
[0101] of Buia.). 

s. Per claim 19, rejection of claim 18 is incorporated. AAPA 
discloses the apparatus of claim 18 wherein the memory circuitry comprises at 
least one of internal memory and external memory of the processor (See AAPA 
paragraph [0007] memory circuitry and [0004] for processor.) 

t. Per claim 20, rejection of claim 1 is incorporated. Claim 20 is 
rejected under the same rationale as claim 1. AAPA in view of Cheriton and Buia
discloses an article of manufacture comprising a machine-readable storage 
medium having program code stored thereon, the program code generating a
representation of an access control list, the representation being utilizable in a 
processor (See AAPA pg. 1 paragraph [0003] for ACL [0004] for processor, 
and [0007] for article of manufacture comprising machine-readable storage 
medium, i.e. memory.), wherein the program code when executed implements 
the steps of: 

determining a plurality of rules of the access control list, each of at least a 
subset of the rules having a plurality of fields and a corresponding action (See 
AAPA page 1 paragraph [0003] where an ACL generally comprises a set of 
rules, the rules having fields and corresponding actions.); and 

processing the rules to generate a multi-level tree representation of the 
access control list, each of one or more of the levels of the tree representation 
being associated with a corresponding one of the fields; wherein at least one 
level of the tree representation comprises a plurality of nodes (See Cheriton
col. 2 lines 15-18 and 35-37, and col. 4 lines 5-9 where M-trie Plus
data structure is a multi-level tree.). 

AAPA in view of Cheriton does not explicitly disclose that with two or more
of the nodes of a level having a common subtree, the tree representation 
including only a single copy of that subtree; the subtree comprising at least one 
node that is not a leaf node of the tree representation; the tree representation 
being characterizable as a directed graph in which each of the two nodes having 
the common subtree points to the single copy of the common subtree.

However, Buia discloses two or more of the nodes of a level of a tree in a
directed graph representation having a common subtree pointing to a single copy 
of the common subtree comprising at least one node that is not a leaf node of the 
tree (See Fig. 7B where two nodes 'FAULT A' and 'FAULT F' have common 
subtree at node 'FAULT C' where node 'FAULT C' of the common subtree is
not a leaf node and the subtree is the only copy in the tree representation. 
The tree representation is characterized as a directed graph.). 

At the time of the invention, it would have been obvious to a person of 
ordinary skill in the art of generating Access Control Lists (ACLs) in a multi-level 
tree representation (as AAPA, Cheriton, and Buia) to have two or more of the
nodes of a level of the tree in a directed graph representation having a common 
subtree pointing to a single copy of the common subtree as taught by Buia. The 
motivation would have been to optimize efficiency and productivity by creating an
ACL tree representation that handles identical tree portions or subtrees by 
sharing subtrees (as seen on pg. 3 paragraph [0025] and pg. 9 paragraph 
[0101] of Buia.).

Response to Arguments

5. Applicant's arguments filed 03/12/2008 have been fully considered. The 
finality of the previous Office action has been withdrawn. Applicant's submission 
filed on 03/12/08 has been entered. 

6. Applicant's arguments with respect to claims 1, 18, and 20 have been
considered but are moot in view of the new ground(s) of rejection. See 
rejections of claims above. Due to new grounds of rejection, claims are not in 
condition for allowance. 

Conclusion 

7. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. Wilford et al. (USPN 5,509,006) teaches nodes having 
single common subtree. 

8. Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Carlene Gordon whose telephone number is 
(571) 272-1951. The examiner can normally be reached on Mon-Fri, varying
times between 5:30am - 10:00pm EST. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Christian Chace can be reached on (571) 272-4190. The 
fax phone number for the organization where this application or proceeding is 
assigned is 571-273-8300.

9. Information regarding the status of an application may be obtained from
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see
http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
If you would like assistance from a USPTO Customer Service
Representative or access to the automated information system, call
800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/C.G./

/Carlene Gordon/ 
Patent Examiner 
Art Unit 2165 
/Christian P. Chace/ 

Supervisory Patent Examiner, Art Unit 2165 



